[c-nsp] CALEA was Re: OT - Dark Fiber

Jared Mauch jared at puck.nether.net
Fri Sep 4 16:43:40 EDT 2009 

On Sep 4, 2009, at 4:29 PM, Scott Granados wrote:

> What about Unlawful requests?

	You need not comply, and if you do, you could be breaking the law.

>  For example, suppose someone went to oh say ATT with out a Warrent  
> and demanded they tap say most phones on their network?

	NSL is the case where someone could ask for something, but wiretaps  
are something else. NSL is typically "who is the subscriber".

>  Or let's say that someone from an alphabet soup organization taps  
> you on the shoulder and demands access to your traffic for some sort  
> of automated filtering?

	I know a few of those types and they have never asked for or even  
talked around that sort of thing.

>  Thankfully I don't work in an environment where this would ever  
> come up but this was more of a thought experiment. I've worked in a  
> few provider networks where law enforcement requests have come up  
> but the requests always made sense along with the proper paper work  
> accompanying them and honestly I've never first hand observed the  
> type of wide scale monitoring that's been reported but the idea of  
> the thing gives me the shivers. I'm sorry if this is off topic I'll  
> drop the thread if it is but since CALEA was mentioned I was really  
> curious why people bought in to it in the first place.

	Calea was originally to cover the changeover of pstn to digital  
switches so they can track drug dealers, et al. While it also applies  
to "broadband" networks, Its not something you are likely to see. You  
can talk to the (i swear they are nice) CALEA Implementation unit  
about what you need. They are nice guys and there is no penalty for  
non-compliance unless you get a lawful request and are unable to  
comply. Then the FCC gets involved and you could be fined.

	Your best bet is to actually be social with your local FBI, Secret  
Service & Police. Tell them who you are, what you do, and when  
something comes up it wont seem like jackboot thugs :).

	Websites/things to google: askcalea.net, infragard.net

- Jared
>
>
> ----- Original Message ----- From: "Jared Mauch" <jared at puck.nether.net 
> >
> To: "Scott Granados" <gsgranados at comcast.net>
> Cc: "david raistrick" <drais at icantclick.org>; "jp" <jp at saucer.midcoast.com 
> >; <cisco-nsp at puck.nether.net>
> Sent: Friday, September 04, 2009 1:19 PM
> Subject: Re: [c-nsp] CALEA was Re: OT - Dark Fiber
>
>
>> Talk to your counsel about the compliance requests you get. You may  
>> be able to get away without it, but you are required to comply with  
>> any lawful requests, even if you don't like them. The same is true  
>> for any business where you could get a lawful request for records.
>>
>> Check out packetforensics if you need a device, much cheaper than   
>> others in the space, their website can be a bit funny, but worth   
>> having a [free] login.
>>
>> - Jared
>>
>> On Sep 4, 2009, at 4:07 PM, Scott Granados wrote:
>>
>>> Why does anyone comply with CALEA?  Especially after the abuses  
>>> of  the last 8 years and probably a lot farther back than that?   
>>> I've  been reading about the requirements and the idea that ISPs  
>>> cooperate  with law enforcement really makes me uneasy on a civil  
>>> liberties  basis. Does Uncle Sam scare tactic people in to  
>>> compliance?  There's  just something about making things easier  
>>> for the NSA and any number  of alphabet soup agencies that strikes  
>>> me as unamerican (to use  their own phrase against them) and  
>>> wrong. Or was it created simply  to create a new space for  
>>> security products and C, J and the others  were really good at  
>>> lobbying?
>>>  Since it doesn't require the ISP to break open encrypted traffic   
>>> it almost makes me think a public key system that lets the end  
>>> user  encrypt everything from phone to television with their own  
>>> keys  makes some sense so there's nothing left in the clear for   
>>> entertaining the James Bond crowd! Probably not practical at all  
>>> but  this thread just convinced me not to use split tunneling.;)
>>>
>>> ----- Original Message ----- From: "david raistrick" <drais at icantclick.org
>>> >
>>> To: "jp" <jp at saucer.midcoast.com>
>>> Cc: <cisco-nsp at puck.nether.net>
>>> Sent: Friday, September 04, 2009 12:40 PM
>>> Subject: Re: [c-nsp] OT - Dark Fiber
>>>
>>>
>>>> On Fri, 4 Sep 2009, jp wrote:
>>>>
>>>>> Regarding the topic... If someone provides dark fiber, would  
>>>>> they be
>>>>> subject to CALEA requirements to be able to tap and record the
>>>>
>>>> I haven't followed CALEA-for-ISPs for a few years, but at least   
>>>> when it was initially required, dark fiber providers won't need  
>>>> to  comply with CALEA.  They're not providing network service.   - 
>>>> lit-  fiber providers would because they're either providing  
>>>> network or  telecom service....but they generally wouldn't do it  
>>>> at the  physical layer.
>>>>
>>>> ...david
>>>>
>>>> --
>>>> david raistrick        http://www.netmeister.org/news/  
>>>> learn2quote.html
>>>> drais at icantclick.org             http://www.expita.com/nomime.html
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list